Legal

Data Protection & Privacy Policy

Effective date: April 2, 2026. This policy explains how Acqui AI collects, uses, stores, and protects your personal information.

1. Introduction

Acqui AI, Inc. ("Acqui AI", "we", "us", "our") is committed to protecting your privacy and handling your personal data with transparency and care. This Data Protection and Privacy Policy ("Policy") describes how we collect, use, store, share, and protect personal information when you use our Services, including Acqui.app and any related products and websites.

By using our Services, you acknowledge that you have read and understood this Policy. If you do not agree with our practices, please do not use our Services.

2. Information We Collect

We collect information you provide directly to us, information we collect automatically when you use our Services, and information from third parties.

Information you provide:

  • Account registration information (name, email address, password)
  • Business information (company name, address, phone number)
  • Payment information (processed securely through Stripe; we do not store full card details)
  • Content you create or upload to the Services (client records, invoices, messages)
  • Communications you send to us (support requests, emails)

Information collected automatically:

  • Log data (IP address, browser type, pages visited, timestamps)
  • Device information (hardware model, operating system, unique device identifiers)
  • Usage data (features used, actions taken, session duration)
  • Cookies and similar tracking technologies (see our Cookie Policy)

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Services
  • Process transactions and send related information (receipts, invoices)
  • Send administrative communications (account updates, security alerts)
  • Respond to your enquiries and provide customer support
  • Send marketing communications where you have given consent
  • Monitor and analyse usage patterns to improve functionality and user experience
  • Detect, investigate, and prevent fraudulent or illegal activity
  • Comply with legal obligations
  • Train and improve our AI models using aggregated, anonymised data

4. Legal Basis for Processing

Where applicable data protection law requires a legal basis for processing personal data, we rely on the following:

  • Contract performance: Processing necessary to provide the Services you have contracted for
  • Legitimate interests: Processing for our legitimate business interests (improving Services, fraud prevention, security) where these are not overridden by your rights
  • Consent: Where you have given specific consent (e.g., marketing communications)
  • Legal obligation: Processing necessary to comply with applicable law

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with:

  • Service providers: Third parties that perform services on our behalf (cloud hosting, payment processing via Stripe, email delivery via SendGrid, AI generation via OpenAI). These third-parties are contractually obligated to safeguard your personal information and use it only for the purposes specified in this policy
  • Business partners: Integrations you explicitly connect to your account (e.g., Mercury banking)
  • Legal authorities: When required by law, court order, or to protect the rights and safety of Acqui AI or others
  • Business transfers: In connection with a merger, acquisition, or sale of assets, where personal data may be transferred as a business asset

6. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. When you delete your account, we will delete or anonymise your personal data within 90 days, unless we are required to retain it for legal or regulatory purposes.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at hello@acqui.ai. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, and destruction. These measures include encryption in transit and at rest, access controls, and regular security assessments. However, no security system is impenetrable, and we cannot guarantee absolute security.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. Where we transfer personal data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection law, including standard contractual clauses where required.

10. Changes to This Policy

We may update this Policy from time to time. We will notify you of material changes by email or by posting a notice in the Services. Your continued use of the Services after the effective date of the updated Policy constitutes acceptance of the changes.

11. Contact Us

For questions, requests, or concerns about this Policy or our data practices, contact our privacy team at hello@acqui.ai or by calling +1 (518) 800-4004.

Terms of Service Acceptable Use Policy EULA Cookie Policy